Chapter 5 Apple Virus

The earliest case of a virus that succeeded “in the wild” goes back to late 1981, even before the work of Fred Cohen. In fairness, this does not appear to have been noted by many until long after the fact. For the benefit of those who do not delight in flame wars the author will not be identified: those who have followed the history of viri [CKnow: viruses] will know whom I refer to as Joe :-).

The idea was sparked by a speculation regarding “evolution” and “natural selection” in pirated copies of games at Texas A&M: the “reproduction” of preferred games and “extinction” of poor ones. This led to considerations of programs which reproduced on their own. (I see no reason to doubt the author’s contention that there was no malice involved: this was, after all, the first case that we know of. Indeed, it was Joe’s contention that a virus had to be relatively “benign” in order to survive.)

Apple II computer diskettes of that time, when formatted in the normal way, always contained the disk operating system. Joe attempted to find the minimum change that would make a version of the DOS that was viral, and then tried to find an “optimal” viral DOS. A group came up with version 1 of such a virus in early 1982, but quarantined it because of adverse effects. Version 2 seemed to have no negative impact, and was allowed to “spread” through the disks of group members.

Eventually security was relaxed too far and the virus escaped to the general Apple user population. It was only then that the negative impact of the virus was seen: the additional code length caused some programs, and one computer game in particular, to abort. A third version was written which made strenuous efforts to avoid the memory problems: parts of the coding involve bytes which are both data and opcode. Version 3 was subsequently found to have spread into disk populations previously felt to be uninfected, but no adverse reactions were ever reported.

(For those who have Apple DOS 3.3 disks, location B6E8 in memory, towards the end of track 0, sector 0 on disk, should be followed by eighteen zero bytes. If, instead, the text “(GEN xxxxxxx TAMU)” appears, the digits represented by the “x”s should be a generation counter for virus version 3.)

The story has an interesting postscript. In 1984, a malicious virus was found to be spreading through the schools where all this took place. Some disks appeared to have some immunity. These immune disks turned out to all be infected with version 3.

Robert M. Slade’s history is available here with permission of Robert M. Slade. Please do not further use the material without obtaining your own permission to use it.

Up Arrow Robert Slade Computer Virus History Up Arrow
Prior Page Next Page
Chapter 4 Pranks/Trojans Chapter 6 Lehigh/Jerusalem